Jun 14, 2017
By Godfrey Cheng
Recently Synaptics did the heavy lifting to educate the public about biometric security and the need for data encryption. We spent time with customers, press and analysts to establish best practices for any biometric sensor, including fingerprint sensors. One of the best practices is to ensure that unencrypted data is never out in the “clear”, whether in unencrypted memory or, as we demonstrated, on an unencrypted bus.
During these security demos, we were able to intercept and capture a fingerprint image between the sensor and host and we were able to create and print conductive ink spoofs in under 10 minutes. With these printed spoofs, we unlocked the unwitting volunteer’s personal phone in most cases. We usually touched the phone for the very first time during the actual hack.
More insidious than printed spoofs was our demonstration where we simply captured all the data from the fingerprint sensor and replayed it back. Because there was no trust relationship between an unencrypted sensor and host, we were able to unlock the victim computer by simply playing back the captured data stream. The victim computer had no way to know the difference between a real finger touching the sensor and the replay of the captured data.
In today’s blog, we will focus on the difference between data encryption and data scrambling. To mask data between the sensor and host CPU, you should always encrypt the data with a strong algorithm. There are some fingerprint sensors in the market today that do rudimentary scrambling of the fingerprint image. We believe this rudimentary data scrambling is unsafe as it is relatively easy to retrieve the original image.
Scrambling was used in the 1980’s to protect satellite and Pay TV. We all remember seeing images like this:
These methods of scrambling often did tricks like changing the order of the video scan lines so that the image could not render properly on a CRT-based television, but this did not affect the audio track. Encryption was known back then, too, but it was too hard to use and too expensive for the consumer market. That is no longer true on modern set-top boxes.
Still, to save a few pennies, some companies are trying to use these decades-old scrambling technologies to protect fingerprint images. Instead of actually protecting the data lines, data scrambling seeks only to obfuscate the data. When a finger is placed on a sensor, the sensor sends a digital image of the fingerprint over a wire as a stream of bytes. Instead of scrambling video scan lines, digital scrambling just reorders the bits or nibbles within each byte. So if you were able to intercept and capture this data, at first blush the full fingerprint image would not be obvious. But using simple math techniques, an attacker can deduce the scrambling methodology through trial and error. Here is an example of scrambled data sniffed from a shipping phone and the recomposed image after we deduced the algorithm and descrambled it.
Just like the Pay TV movies that your parents did not allow you to watch in the 1980’s, the scrambled image on the left still shows the outlines of the fingerprint. On the right is the descrambled fingerprint image. While data scrambling might be able to thwart basic thieves, it will not deter the sophisticated hacker. Additionally, if the data lines are not authenticated and encrypted and you were able to capture the data, you don’t even need to descramble the fingerprint image: you can just play back the scrambled image and the descrambling will automatically be done by the host!
Encryption was designed to operate in the digital domain. It is meant to work with digital data and not analog video. It is meant to deal with streaming data or packetized data. It protects modern communications, internet browsing and e-commerce. Encryption is the backbone of the modern economy. The basic goal of encryption is to ensure data is only accessible to those with the right authority and no one else.
If you use modern cryptography, revealing the industry-standard algorithms does not give the hacker an inherent advantage. Beware anyone that offers proprietary scrambling or encryption schemes; these are unsafe.
Synaptics fingerprint sensors use SecureLink™ to protect the data lines between the sensor and host. We use Transport Layer Security or TLS 1.2 as the communication protocol, which establishes a trusted and private communication link between our fingerprint sensor and our driver on the host. TLS is the updated version of Secure Sockets Layer (SSL) which many may be familiar with since this protects billions of web browsers today. Synaptics uses Elliptic Curve Cryptography for mutual authentication of the fingerprint sensor and matcher, as well as for generating the AES-256 encryption keys. Elliptic Curve Cryptography is accepted by the United States NSA to guard top secrets.
OK, in plain English. The Synaptics sensor establishes a trusted relationship with our driver that is running on the host that prevents the replay attacks described above. It is virtually impossible to break into the tunnel between the sensor and host. Synaptics also encrypts the data with the AES-256 algorithm using a new key for each session, which means even if you were able to intercept and capture the data, you would have to crack the encryption again every time to make it meaningful.
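To make the scrambling-versus-encryption contrast concrete, here is an added example (not Synaptics code, and not the actual SecureLink protocol) that models both links described above: a keyless nibble-swap scramble of the kind sniffed from the shipping phone, and a per-session AES-256-GCM link with a frame counter standing in for the TLS 1.2 handshake and record layer. The host side shows why a captured frame can be replayed into a descrambling host but is rejected by the authenticated one, both within the same session and across sessions; all key material and frame contents are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
)

// Scramble swaps the nibbles of every byte: keyless and self-inverse, so a descrambling host accepts replays.
func Scramble(frame []byte) []byte {
	out := make([]byte, len(frame))
	for i, b := range frame {
		out[i] = b<<4 | b>>4
	}
	return out
}

// Session stands in for one SecureLink-style link: a fresh shared AES-256 key plus per-side frame counters.
type Session struct {
	aead       cipher.AEAD
	sent, seen uint64 // frames encrypted by the sensor / frames accepted by the host
}

// NewSession draws a new random key per session (the real product's TLS 1.2 handshake is simplified away).
func NewSession() *Session {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err) // no entropy, no safe session
	}
	block, _ := aes.NewCipher(key)  // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Session{aead: aead}
}

// SensorSend encrypts and authenticates one frame; the 12-byte GCM nonce is 0x00000000 || frame counter.
func (s *Session) SensorSend(frame []byte) []byte {
	ct := s.aead.Seal(nil, binary.BigEndian.AppendUint64(make([]byte, 4), s.sent), frame, nil)
	s.sent++
	return ct
}

// HostRecv opens a frame with the counter it expects next; a wrong-key or replayed (stale-counter) frame fails the tag check.
func (s *Session) HostRecv(ct []byte) ([]byte, error) {
	pt, err := s.aead.Open(nil, binary.BigEndian.AppendUint64(make([]byte, 4), s.seen), ct, nil)
	if err == nil {
		s.seen++
	}
	return pt, err
}
```

Feeding a captured ciphertext back into the same host a second time, or into a host that has since started a new session, makes `HostRecv` return an authentication error, whereas `Scramble(Scramble(frame))` hands the host the original image no matter who sent it.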
The difference between encryption and scrambling is not just something guys in white lab coats care about. Scrambling is like using a simple puzzle to lock everyone’s door, rather than everyone having their own key. Once you solve the puzzle, you can get into everyone’s house. Even if the scrambling uses some kind of key, it’s a simple one that can be guessed by trying all of the possible values.
Encryption, on the other hand, uses mathematics to ensure that both sides must have corresponding keys in order to decrypt the data, even if the exact algorithm or “puzzle” is known. Publicly standardized encryption is considered impossible to crack by math alone without trying every possible key, and these keys are very large numbers. A brute-force attack on AES-256, guessing at every key, would take 50 supercomputers that can check a billion billion (10^18) keys per second about 3×10^51 years to try every key in the AES-256 space.
Does this mean our sensors with SecureLink™ are infallible? Of course not. No security system is infallible. However, the level of protection offered to companies protecting corporate data or the individual protecting their privacy is greatly enhanced by using our encrypted sensors instead of sensors relying on weak scrambling technology. Security is only as strong as the weakest link, and sending data over an unencrypted and unauthenticated wire is a very weak link, indeed.
Through secure encryption, not only do we prevent the theft of someone’s fingerprint from a vulnerable sensor but we also prevent the types of attacks that we demonstrated where a captured fingerprint can be replayed back into the host.
Demand end-to-end encryption of your fingerprint sensor!